Description
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
Published: 2026-06-30
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from insufficient file type validation, allowing an authenticated user to upload any file to the Nokia MantaRay Network Management system. This flaw exposes the system to the insertion of malicious files, which may later be executed by the application or used as a foothold for further exploitation. The weakness aligns with improper file type validation (CWE‑434).

Affected Systems

The affected product is Nokia MantaRay NM, a network management system used in telecom infrastructures. No specific firmware or software version is mentioned, so any currently deployed instance of MantaRay NM could be susceptible. Administrators should verify the product version against Nokia’s release notes or the advisory to determine if their installation is affected.

Risk and Exploitability

The CVSS score of 7.8 categorizes the issue as high severity, while the EPSS score of less than 1% and the absence of listing in the CISA KEV catalog indicate a relatively low likelihood of widespread exploitation at present. However, the vulnerability requires a valid authenticated session, meaning that attackers would need legitimate access to the NM interface. Once authenticated, they could use the upload feature to place malicious content on the device, potentially compromising confidentiality or integrity of the system.

Generated by OpenCVE AI on June 30, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Nokia‑released patch or upgrade that addresses the file type validation issue once it becomes available.
  • Restrict the upload functionality to only trusted users and enforce strict MIME type and file extension whitelisting on the server side.
  • Implement logging and monitoring of file upload activity, and consider firewall or configuration rules that block unauthenticated upload attempts.


Advisories

No advisories yet.

History

Tue, 30 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-285

Tue, 30 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Nokia
Nokia mantaray Nm
Vendors & Products Nokia
Nokia mantaray Nm

Tue, 30 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-434
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 11:45:00 +0000


Tue, 30 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-285

Tue, 30 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
Title An unrestricted file upload vulnerability in Nokia MantaRay NM
References

Subscriptions

Nokia Mantaray Nm
MITRE

Status: PUBLISHED

Assigner: Nokia

Published:

Updated: 2026-06-30T13:29:34.489Z

Reserved: 2025-01-24T13:25:43.869Z

Link: CVE-2025-24815

Vulnrichment

Updated: 2026-06-30T13:29:31.163Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T18:30:18Z

Weaknesses
  • CWE-434

    Unrestricted Upload of File with Dangerous Type